CVE-2023-47455 — Out-of-bounds Write in Ax1806 Firmware

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow3 documents3 sources

Severity

9.1CRITICALNVD

EPSS

0.2%

top 61.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda Ax1806 Firmware

Timeline

PublishedNov 7

Latest updateNov 14

Description

Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages1 packages

▶NVDtenda/ax1806_firmware1.0.0.1

🔴Vulnerability Details

GHSA

GHSA-2wh3-v786-vq3m: Tenda AX1806 V1↗2023-11-14

▶

CVEList

CVE-2023-47455: Tenda AX1806 V1↗2023-11-07

▶